A compact, self-contained, personal key is disclosed. The personal key comprises a USB-compliant interface (206) releasably
coupleable to a host processing device (102); a memory (214); and a processor (212). The processor (212) provides the host processing device
(102) conditional access to data storable in the memory (214) as well as the functionality required to manage files stored in the personal key 
and for performing computations based on the data in the files. In one embodiment, the personal key also comprises an integral user input 
device (218) and an integral user output device (222). The input and output devices (218, 222) communicate with the processor (212) by 
communication paths (220, 222) which are independent from the USB-compliant interface (206), and thus allow the user to communicate 
with the processor (212) without manifesting any private information external to the personal key. 
Description

USB-COMPLIANT PERSONAL KEY WITH INTEGRAL INPUT AND OUTPUT DEVICES

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to computer peripherals, and in particular to a personal key having input and
output devices integrated therewith to provide for increased security. 

2. Description of the Related Art

In the last decade, the use of personal computers in both the home and in the office has become
widespread. These computers provide a high level of functionality to many people at a moderate price,
substantially surpassing the performance of the large mainframe computers of only a few decades ago. 
The trend is further evidenced by the increasing popularity of laptop and notebook computers, which 
provide high-performance computing power on a mobile basis. 

The widespread availability of personal computers has had a profound impact on interpersonal 
communications as well. Only a decade ago, telephones or fax machines offered virtually the only media
for rapid business communications. Today, a growing number of businesses and individuals communicate 
via electronic mail (e-mail). Personal computers have also been instrumental in the emergence of the 
Internet and its growing use as a medium of commerce. 

While certainly beneficial, the growing use of computers in personal communications, commerce, and
business has also given rise to a number of unique challenges. 

First, the growing use of computers has resulted in extensive unauthorized use and copying of computer 
software, costing software developers substantial revenue. 

Although unauthorized copying or use of software is a violation of the law, the widespread availability of
pirated software and enforcement difficulties have limited the effectiveness of this means of preventing 
software piracy. 

Software developers and computer designers alike have sought technical solutions to attack the problem of 
software piracy. One solution uses an external device known as a hardware key, or "dongle" coupled to an
input/output (I/O) port of the host computer. 

While the use of such hardware keys is an effective way to reduce software piracy, to date, their use has 
been substantially limited to high value software products. Hardware keys have not been widely applied to 
popular software packages, in part, because the hardware keys are too expensive, and in part, because
there is a reluctance on the part of the application program user to bother with a hardware key whenever 
use of the protected program is desired. Also, in many cases, the hardware keys are designed for use with 
only one application. Hence, where the use of multiple applications on the same computer is desired, 
multiple hardware keys must be operated at the same time. 

While it reflects a tremendous advance over telephones and facsimile machines, e-mail also has its 
problems. One of these problems involves security. 

Telephone lines are relatively secure and a legally sanctioned way to engage in the private transmission of
information; however, e-mails are generally sent over the Internet with no security whatsoever. Persons
transmitting electronic messages must be assured that their messages are not opened or disclosed to
unauthorized persons.

Further, the addressee of the electronic message should be certain of the identity of the sender and that 
the message was not tampered with at some point during transmission. 

Although the packet-switching nature of Internet communications helps to minimize the risk of intercepted 
communications, it would not be difficult for a determined interloper to obtain access to an unprotected
e-mail message.
Many methods have been developed to secure the integrity of electronic messages during transmission.
Simple encryption is the most common method of securing data. Both secret key encryption such as DES
(Data Encryption Standard) and public key encryption methods that use both a public and a private key are
implemented.

Public and private key encryption methods allow users to send Internet and e-mail messages without
concern that the message will be read by unauthorized persons or that its contents will be tampered with.
However, key cryptographic methods do not protect the receiver of the message, because they do not
allow the recipient to authenticate the validity of the public key or to validate the identity of the sender of the
electronic message.

The use of digital certificates presents one solution to this problem. A digital certificate is a signed 
document attesting to the identity and public key of the person signing the message. Digital certificates 
allow the recipient to validate the authenticity of a public key. However, the typical user may use e-mail to 
communicate with hundreds of persons, and may use any one of several computers to do so. Hence, a
means for managing a number of digital certificates across several computer platforms is needed. 

Internet commerce raises other challenges. Users seeking to purchase goods or services using the Internet 
must be assured that their credit card numbers and the like are safe from compromise. At the same time,
vendors must be assured that services and goods are delivered only to those who have paid for them. In
many cases, these goals are accomplished with the use of passwords. However, as Internet commerce
becomes more commonplace, customers are finding themselves in a position where they must either
decide to use a small number of passwords for all transactions, or face the daunting task of remembering 
multiple passwords. Using a small number of passwords for all transactions inherently compromises 
security, since the disclosure of any of the passwords may lead to a disclosure of the others. Even the use 
of a large number of passwords can lead to compromised security. Because customers commonly forget 
their password, many internet vendors provide an option whereby the user can be reminded of their 
password by providing other personal information such as their birthplace, mother's maiden name, and/or 
social security number. This feature, while often necessary to promote Internet commerce, severely 
compromises the password by relying on "secret" information that is, in fact, publicly available.

Even in cases where the user is willing and able to keep track of a large number of passwords, the 
password security technique is often compromised by the fact that the user is inclined to select a password 
that is relatively easy to remember. It is indeed rare that a user selects a truly random password. What is 
needed is a means for generating and managing random passwords that can be stored and recalled for 
use on a wide variety of computer platforms. 

Internet communications have also seen the increased use of cookies. Cookies comprise data and
programs that keep track of a user's patterns and preferences that can be downloaded from the Internet 
server for storage on the user's computer. 

Typically, cookies contain a range of addresses. When the browser encounters those addresses again, the 
cookies associated with the addresses are provided to the Internet server. For example, if a user's 
password were stored as a cookie, the use of the cookie would allow the user to request services or goods 
without requiring that the user enter the password again when accessing that service for the second and 
subsequent time. 

However beneficial, cookies can also have their dark side. Many users object to storage of cookies on their
computer's hard drive. In response to these concerns, Internet browser software allows the user to select an
option so that they are notified before cookies are stored or used. The trouble with this solution is that this
usually results in an excessive number of messages prompting the user to accept cookies. A better solution
than this all-or-nothing approach would be to allow the storage and/or use of cookies, but to isolate and
control that storage and use to comply with user-specified criteria.

Smartcards provide some of the above-mentioned functionality, but smartcards do not present an ideal
solution. First, personal keys are only valuable to the user if they offer a single, widely accepted secure 
repository for digital certificates and passwords. Smartcard readers are relatively expensive, and are not in 
wide use, at least in the United States, and are therefore unsuited to the task. 
Second, smartcards do not provide for entering data directly into the card.

This opens the smartcard to possible sniffer modules in malicious software, which can monitor the
smartcard-reader interface to determine the user's personal identification or password information. This
problem is especially problematic in situations where the user is using an unknown or untrusted smartcard
reader. The lack of any direct input device also prevents the user from performing any smartcard-related
functions in the relatively common situation where no smartcard reader is available.

Third, data cannot be accessed from the smartcard unless the smartcard is in the reader. This prevents the
user from viewing data stored in the smartcard (i.e., a stored password) until a smartcard reader can be
located. Given that smartcard readers (especially trusted ones) can be difficult to find, this substantially
limits the usefulness of the card. Of course, the user may simply write the password down on paper, but
this may compromise the security of all of the data in the card, and is inconsistent with the goal of providing
a central, secure, portable repository for private data.

From the foregoing, it can be seen that there is a need for a personal key that allows the user to store and
retrieve passwords and digital certificates without requiring the use of vulnerable external interfaces.

SUMMARY OF THE INVENTION

The present invention satisfies all of these needs with a personal key in a form factor that is compliant with
a commonly available I/O interface such as the Universal Serial Bus (USB). The personal key includes a
processor and a memory which implement software protection schemes to prevent copying and
unauthorized use.

The personal key provides for the storage and management of digital certificates, allowing the user to store 
all of his digital certificates in one media that is portable from platform to platform. The personal key
provides for the generation, storage, and management of many passwords, providing additional security
and relieving the user from the task of remembering multiple passwords. The personal key provides a 
means to store cookies and other Java-implemented software programs, allowing the user to accept 
cookies in a removable and secure form-factor. These features are especially useful when the present 
invention is used in a virtual private network (VPN). The present invention can also be used for several 
applications 

Because the personal key is capable of storing virtually all of the user's sensitive information, it is important 
that the personal key be as secure as possible. 

Hence, one embodiment of the personal key also comprises a biometric sensor disposed to measure 
biometrics such as fingerprint data. The biometric sensor measures characteristics of the person holding 
the key (such as fingerprints) to confirm that the person possessing the key is the actual owner of the key. 

Since the personal key represents a single, secure repository for a great deal of the data the user will need 
to use and interact with a variety of computer platforms, it is also important that the personal key be able to 
interface (i. e., transmit and receive data) with a large variety of computers and computer peripherals. 
Hence, one embodiment of the personal key includes an electromagnetic wave transception device such 
as an infrared (IR) transceiver. This transceiver allows the personal key to exchange information with a 
wide variety of computers and peripherals without physical coupling. 

The present invention is well suited for controlling access to network services, or anywhere a password,
cookie, digital certificate, or smartcard might otherwise be used, including:

Remote access servers, including Internet protocol security (IPSec), point to point tunneling protocol
(PPTP), password authentication protocol (PAP), challenge handshake authentication protocol (CHAP),
remote access dial-in user service (RADIUS), terminal access controller access control system (TACACS);

Providing Extranet and subscription-based web access control, including hypertext transport protocol
(HTTP), secure sockets layer (SSL);

Supporting secure online banking, benefits administration, account management;

Supporting secure workflow and supply chain integration (form signing);

Preventing laptop computer theft (requiring personal key for laptop operation);

Workstation logon authorization;

Preventing the modification or copying of software;

Encrypting files;

Supporting secure e-mail, for example, with secure multipurpose internet mail extensions (S/MIME) and
open pretty good privacy (OpenPGP);

Administering network equipment administration; and

Electronic wallets, with, for example, secure electronic transaction (SET, MilliCent, eWallet).

In one embodiment, the present invention comprises a compact, self-contained, personal token or key. The
personal key comprises a USB-compliant interface releasably coupleable to a host processing device; a
memory; and a processor. The processor provides the host processing device conditional access to data
storable in the memory as well as the functionality required to manage files stored in the personal key and
for performing computations based on the data in the files. In one embodiment, the personal key also
comprises an integral user input device and an integral user output device. The input and output devices
communicate with the processor by communication paths which are independent from the USB-compliant
interface, and thus allow the user to communicate with the processor without manifesting any private
information external to the personal key.

BRIEF DESCRIPTION OF THE DRAWINGS 

Referring now to the drawings in which like reference numbers represent corresponding parts throughout:

FIG. 1 is a diagram showing an exemplary hardware environment for practicing the present invention;

FIG. 2 is a block diagram illustrating selected modules of one embodiment of the present invention;

FIG. 3 is a diagram of the memory resources provided by the memory of the personal key;

FIG. 4 is a diagram showing one embodiment of how an encryption engine is used to authenticate the
identity of the personal key or the application data stored therein;

FIG. 5 is a diagram illustrating the data contents of a file system memory resource of an active personal
key that provides authentication and specific configuration data for several applications;

FIG. 6 is a diagram presenting an illustration of one embodiment of the personal key;

FIGs. 7A-7C are diagrams showing one embodiment of the personal key having an input device including a
first pressure sensitive device and a second pressure sensitive device, each communicatively coupled to the
processor by a communication path distinct from the USB-compliant interface;

FIGs. 8A-8C are diagrams presenting an illustration of another embodiment of the present invention;

FIG. 9 is a flow chart illustrating an embodiment of the present invention in which processor operations are
subject to user authorization; and

FIG. 10 is a flow chart illustrating an embodiment of the present invention in which the PIN is entered
directly into the personal key.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

In the following description, reference is made to the accompanying drawings which form a part hereof, and
in which is shown, by way of illustration, several embodiments of the present invention. It is understood that
other embodiments may be utilized and structural changes may be made without departing from the scope 
of the present invention. 

Hardware Environment 

FIG. 1 illustrates an exemplary computer system 100 that could be used to implement the present 
invention. The computer 102 comprises a processor 104 and a memory, such as random access memory 
(RAM) 106. The computer 102 is operatively coupled to a display 122, which presents images such as 
windows to the user on a graphical user interface 118B. The computer 102 may be coupled to other
devices, such as a keyboard 114, a mouse device 116, a printer 128, etc. Of course, those skilled in the art
will recognize that any combination of the above components, or any number of different components, 
peripherals, and other devices, may be used with the computer 102. 

Generally, the computer 102 operates under control of an operating system 108 stored in the memory 106, 
and interfaces with the user to accept inputs and commands and to present results through a graphical
user interface (GUI) module 113A.

Although the GUI module 113A is depicted as a separate module, the instructions performing the GUI
functions can be resident or distributed in the operating system 108, the computer program 110, or
implemented with special purpose memory and processors. The computer 102 also implements a compiler
112 which allows an application program 110 written in a programming language such as COBOL, C++,
FORTRAN, or other language to be translated into processor 104 readable code.
After completion, the application 110 accesses and manipulates data stored in the memory 106 of the
computer 102 using the relationships and logic that are generated using the compiler 112. The computer
102 also comprises an input/output (I/O) port 130 for a personal token 200 (hereinafter alternatively
referred to also as a personal key 200). In one embodiment, the I/O port 130 is a USB-compliant port
implementing a USB-compliant interface.

In one embodiment, instructions implementing the operating system 108, the computer program 110, and
the compiler 112 are tangibly embodied in a computer-readable medium, e.g., data storage device 120,
which could include one or more fixed or removable data storage devices, such as a zip drive, floppy disc
drive 124, hard drive, CD-ROM drive, tape drive, etc. Further, the operating system 108 and the computer
program 110 are comprised of instructions which, when read and executed by the computer 102, causes
the computer 102 to perform the steps necessary to implement and/or use the present invention. Computer
program 110 and/or operating instructions may also be tangibly embodied in memory 106 and/or data
communications devices, thereby making a computer program product or article of manufacture according
to the invention. As such, the terms "article of manufacture" and "computer program product" as used herein
are intended to encompass a computer program accessible from any computer readable device or media.

The computer 102 may be communicatively coupled to a remote computer or server 134 via
communication medium 132 such as a dial-up network, a wide area network (WAN), local area network
(LAN), virtual private network (VPN) or the Internet. Program instructions for computer operation, including
additional or alternative application programs can be loaded from the remote computer/server 134.

In one embodiment, the computer 102 implements an Internet browser, allowing the user to access the 
world wide web (WWW) and other internet resources. 

Those skilled in the art will recognize that many modifications may be made to this configuration without
departing from the scope of the present invention. For example, those skilled in the art will recognize that
any combination of the above components, or any number of different components, peripherals, and other
devices, may be used with the present invention.

Architectural Overview 

FIG. 2 is a block diagram illustrating selected modules of the present invention. The personal key 200 
communicates with and obtains power from the host computer through a USB-compliant communication 
path 202 in the USB-compliant interface 204 which includes the input/output port 130 of the host computer
102 and a matching input/output (I/O) port 206 on the personal key 200. Signals received at the personal
key I/O port 206 are passed to and from the processor 212 by a driver/buffer 208 via communication paths
210 and 216. The processor 212 is communicatively coupled to a memory 214, which may store data and
instructions to implement the above-described features of the invention. In one embodiment, the memory
214 is a non-volatile random-access memory that can retain factory-supplied data as well as
customer-supplied application related data. The processor 212 may also include some internal memory for
performing some of these functions. 

The processor 212 is optionally communicatively coupled to an input device 218 via an input device 
communication path 220 and to an output device 222 via an output device communication path 224, both 
of which are distinct from the USB-compliant interface 204 and communication path 202. These separate
communication paths 220 and 224 allow the user to view information about processor 212 operations and
provide input related to processor 212 operations without allowing a process or other entity with visibility to
the USB-compliant interface 204 to eavesdrop or intercede. This permits secure communications between
the key processor 212 and the user. In one embodiment of the invention set forth more fully below, the user
communicates directly with the processor 212 by physical manipulation of mechanical switches or devices
actuatable from the external side of the key (for example, by pressure-sensitive devices such as buttons
and mechanical switches). In another embodiment of the invention set forth more fully below, the input
device includes a wheel with tactile detents indicating the selection of characters.

The input device and output devices 218, 222 may cooperatively interact with one another to enhance the
functionality of the personal key 200. For example, the output device 222 may provide information
prompting the user to enter information into the input device 218. For example, the output device 222 may

thumbprint when the user grips the personal key 200 to insert it into the host computer 102 I/O port 130. To
facilitate measurement of the holder's fingerprint, the exterior surface of the personal key 200 can be
designed to cradle the user's thumb in a particular place. Alternatively, to increase security, the exterior
appearance of the personal key 200 may be designed to mask the presence of the biometric sensor 250
entirely.

The biometric sensor 250 can be advantageously placed in a position where it can be expected to collect
known data of a predictable type, at a known time (for example, obtaining a thumbprint when the personal
key 200 is plugged into the host computer I/O port 130). The personal key 200 accepts data from the
biometric sensor 250 via biometric sensor communication path 225 to verify the identity of the person
holding the key with no passwords to remember or compromise, or any other input

Thus, the biometric sensor 250 provides a personal key 200 with a heightened level of security which is
greater than that which can be obtained with a biometric sensor or passwords alone. If necessary, the
personal key 200 can be configured to recognize the host computer 102 it is plugged into, and using data
thus obtained, further increase the security of the key.

The biometric sensor can also be used to increase the security of the personal key in other ways as well.
For example, if the personal key were to be stolen, the biometric sensor can be used to me may also
perform this dial up and report function if a number of incorrect passwords have been supplied.

In one embodiment of the present invention, the personal key 200 also comprises a data transceiver 252
for communicating data with an external data transceiver 254. The data transceiver 252 is communicatively
coupled to the processor 212, via the driver 208 and communication paths 216 and 223, and allows the
personal key 200 to transmit and receive data via the transmission and reception of electromagnetic waves
without exposing the data to the USB-compliant interface 204.

Alternatively, the data transceiver 252 may be communicatively coupled directly to the processor 212. 

In one embodiment the data transceiver 252 comprises an infrared (IR) transceiver that can communicate
with a number of commercially available peripherals with similar capability. This feature provides the
personal key 200 another means for communicating with external peripherals and devices, even when the
personal key 200 is already coupled to the I/O port 130 of the host computer 102.

In one embodiment, the personal key 200 also comprises a power source such as a battery or capacitive 
device. The power source supplies power to the components of the personal key to allow the data to be 
retained and to allow personal key functions and operations to be performed, even when disconnected
from the host computer 102. 

FIG. 3 is a diagram of the memory resources provided by the memory 214 of the personal key 200. The 
memory resources include a master key memory resource 312, a personal identification number (PIN)
memory resource 314, an associated PIN counter register 316 and PIN reset register resource 318, a 
serial number memory resource 310, a global access control register memory resource 320, a file system 
space 324, auxiliary program instruction space 322, and a processor operation program instruction space 
326. The processor operation program instruction space 326 stores instructions that the personal key 200 
executes to perform the nominal operations described herein, including those supporting functions called 
by the application program interface 260 associated with the applications 110 executing in either the host 
computer 102 or the remote server 134. The auxiliary program instruction space provides the personal key 
200 with space to store processor 212 instructions for implementing additional functionality, if desired. 

The master key is an administrative password that must be known by the trusted entity or program that will
initialize and configure the personal key 200. For example, if the personal key 200 is to be supplied to a
number of remotely located employees to enable access to private documents stored in a remote server
through a VPN, the system administrator for the remote server may enter the master key (or change the key
from the factory settings) before providing the key to the remotely located employees. The system
administrator also stores the master key in a secure place, and uses this master key to perform the required
secure operations (including, for example, authorization and authentication of the remote users).

In one embodiment, the master key can not be configured, reset, or initialized if the MKEY can not be
verified first. Hence, if the master key is unknown the personal key 200 would have to be destroyed/thrown
away or returned to the factory to be reset to the factory settings.

The PIN is an optional value that can be used to authenticate the user of the personal key 200. The PIN is
initialized by the trusted administrator. Depending on how the personal key 200 initialization program is
implemented and deployed, it is possible for the end user to set and/or update their PIN. The PIN may
comprise alphanumeric characters or simply numbers.

The PIN can also be checked using an application program interface (API) call that transparently uses the
two associated registers 316 and 318. The PIN counter resource 316 is a decrementing counter, while the
PIN reset register resource 318 is used to store a limit that is used to reset the PIN counter 316 memory
resource. The PIN count and limit registers 316 and 318 are used to prevent a rogue application or user from
rapidly testing thousands of random PINs in an attempt to discover the PIN.

When the PIN is initialized, the decrementing counter register 316 is set to the value in the PIN reset
register resource 318. Whenever a PIN verification fails the counter register 316 is decremented. When a
PIN verification succeeds then the counter register is set to the limit value. When the decrementing counter
register 316 reaches 0, no more PIN verifications are permitted until a trusted administrator resets the PIN
counter register 316 to the limit value. For example if the PIN reset register resource 318 limit has been set
to 3, then a user could fail PIN verification 3 times whereupon the PIN would be rendered useless until it is
reset. The counter register 316 would be reset to 3 when a correct PIN was successfully verified.
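
The counter behaviour described above can be modelled in a few lines. This Python sketch is an added example, not code from the patent: the class and function names, the constructed PIN and master key values, the constant-time comparison, and the use of the master key to authorize the administrator reset are all assumptions.

```python
import hmac


class PinLockedError(Exception):
    """Raised when the PIN counter register has reached 0."""


class PinResource:
    """Model of PIN resource 314, counter register 316 and reset register 318."""

    def __init__(self, master_key: bytes, pin: bytes, limit: int):
        if limit < 1:
            raise ValueError("limit must be at least 1")
        self._master_key = master_key  # administrative secret held by the administrator
        self._pin = pin
        self._limit = limit            # PIN reset register 318
        self._counter = limit          # counter register 316 starts at the limit

    @property
    def attempts_left(self) -> int:
        return self._counter

    def verify(self, candidate: bytes) -> bool:
        # At 0 the key refuses to evaluate the candidate at all, so even the
        # correct PIN is rejected until an administrator reset.
        if self._counter == 0:
            raise PinLockedError("PIN counter is 0; administrator reset required")
        # Constant-time comparison (an addition here, not stated in the text).
        if hmac.compare_digest(candidate, self._pin):
            self._counter = self._limit   # success restores the full limit
            return True
        self._counter -= 1                # each failure costs one attempt
        return False

    def admin_reset(self, master_key: bytes) -> bool:
        # Assumption: the reset is authorized by presenting the master key.
        if not hmac.compare_digest(master_key, self._master_key):
            return False
        self._counter = self._limit
        return True


def guesses_evaluated(resource: PinResource, guesses) -> int:
    """Return how many guesses the key evaluated before locking or succeeding."""
    evaluated = 0
    for guess in guesses:
        try:
            ok = resource.verify(guess)
        except PinLockedError:
            break
        evaluated += 1
        if ok:
            break
    return evaluated


if __name__ == "__main__":
    # Constructed values for illustration only.
    key = PinResource(master_key=b"constructed-master-key", pin=b"4921", limit=3)
    every_pin = [f"{n:04d}".encode() for n in range(10000)]
    print("guesses evaluated:", guesses_evaluated(key, every_pin))
    print("attempts left:", key.attempts_left)
```

With a limit of 3, an exhaustive run over all four-digit PINs is cut off after three candidates, which is the bound the two registers exist to enforce.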

The serial number is a unique factory installed serial number (SN). The serial number can be used to
differentiate a single user from all other personal key 200 users. 

The memory 214 of the personal key 200 also includes built in algorithm memory resources 302, including
a MD-5 hash engine memory 304 for storing related processing instructions, an HMAC-MD5 authorization 
memory resource 306 for storing related processing instructions, and a random number generator memory 
resource 308 for storing processing instructions for generating random numbers. The random number 
generator can be used to generate challenges to be used when generating authentication digest results as 
well as to provide seeds to other cryptographic procedures. The MD-5 algorithm accepts as an input a
message of arbitrary length, and produces a 128-bit "fingerprint", or "message digest" of the input as an
output. In doing so, the algorithm scrambles or hashes the input data into a reproducible product using a
high speed algorithm such as RFC-1321. The hashed message authentication codes (HMAC) can be used
in combination with any iterated cryptographic hash function (e.g., MD-5) along with a secret key, to
authenticate a message or collection of data. The personal key 200 integrates this method to provide a way 
for the end user or application data to be authenticated without exposing the secret key. 

The present invention allows end user authorization using two security mechanisms. The first mechanism, 
which is discussed below, allows software running on the host computer 102 or the remote 
computer/server 134 to authenticate the personal key 200. This first mechanism uses a hashing algorithm 
and a mutually agreed upon secret value known to both the personal key 200 and the entity attempting to 
authenticate the personal key. The second mechanism, which is discussed later in this disclosure, allows 
the personal key 200 to authenticate the user who is trying to use the personal key 200. This second 
mechanism uses a personal identification number (PIN) to help prevent unauthorized use or access in 
situations where the key has been lost or stolen. As set forth more fully below, the PIN can be entered 
directly in the personal key 200, thus increasing security by assuring that the PIN is never exposed external 
to the personal key 200. 

FIG. 4 is a diagram showing one embodiment of how the HMAC-MD5 engine is used to authenticate the 
identity of the personal key 200 or the application data stored therein. Associated with the personal key 200 
and executing either in the host computer 102 or the remote computer/server 134 is a personal key library 
of functions which are linked with an application executing in the host computer (e.g. application program 
110) or in the remote computer/server 134. A hash algorithm 410 is implemented in both the application 
110 and the personal key 200. Both the application 110 and the personal key 200 have access to a secret 
406. The secret 406B is retained within the memory 214 of the personal key 200 in a location where it 
cannot be accessed without suitable permission. Typically, secret 406B is stored in the personal key 200 
by the system administrator or some other trusted source. 

Hence, if the user of the personal key 200 is the entity that the application 110 thinks it is, the application's 
secret 406A and the personal key's secret 406B are the same. 

This can be verified by a hashing algorithm without exposing the secret. Similarly, if the user of the 
personal key 200 is not the entity that the application expects, secrets 406A and 406B will be different. This 
too can be verified by a hashing algorithm without exposing the secret. 

A challenge is generated by the application 110 and provided to the hash algorithms 410 accessible to the 
application 110 and the hash algorithm implemented in the personal key 200. Each hash algorithm applies 
the challenge and the resident secret to generate a hashed output 412. If the hash algorithms were 
equivalent and each of the secrets 406A and 406B were the same, the resulting hashed output 412 or 
digest string in each case should be the same. If the digest strings 412A and 412B compare equal using 
logic 414 in the application, the personal key 200 is trusted. 

Further, if the user authentication was verified, the user is trusted as well. One advantage in this 
authentication system is that the challenge 408 can be transmitted over untrusted media such as the 
Internet. The secret 406 remains coded in the application 110 or remote server 134 program and in the 
personal key 200 where it remains without being exposed to network sniffers/snoopers or potentially 
compromised user interfaces. 
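
The exchange of FIG. 4 can be followed end to end in a short model. This is an added example, not code from the patent or from any product: the class and function names are hypothetical, the secret is a constructed sample value, the 8-byte challenge size is borrowed from the GetChallenge entry in Table 6, and the single-use challenge bookkeeping is an assumption added so that a recorded response is rejected on replay.

```python
import hashlib
import hmac
import secrets


class PersonalKey:
    """Token side of FIG. 4: holds secret 406B and only ever returns digests."""

    def __init__(self, secret: bytes):
        self._secret = secret  # written by the administrator, never read back

    def hmac_md5(self, challenge: bytes) -> bytes:
        # Digest 412B: keyed hash of the challenge under the resident secret.
        # MD5 is used because the text specifies HMAC-MD5.
        return hmac.new(self._secret, challenge, hashlib.md5).digest()


class Application:
    """Verifier side: holds secret 406A, issues challenge 408, compares (logic 414)."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(8)  # 64 random bits
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, digest: bytes) -> bool:
        # Assumption: each challenge is accepted once, so a sniffed
        # (challenge, digest) pair is useless for a later session.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.md5).digest()  # 412A
        return hmac.compare_digest(expected, digest)  # constant-time compare


def run_exchange() -> dict:
    shared = b"constructed-demo-secret-406"      # constructed sample value
    app = Application(shared)
    genuine = PersonalKey(shared)
    other = PersonalKey(b"some-other-secret")    # key provisioned differently

    c1 = app.new_challenge()
    d1 = genuine.hmac_md5(c1)                    # only c1 and d1 cross the link
    results = {
        "genuine_key": app.verify(c1, d1),       # secrets match
        "replayed_pair": app.verify(c1, d1),     # same pair presented again
    }
    c2 = app.new_challenge()
    results["wrong_secret"] = app.verify(c2, other.hmac_md5(c2))
    return results


if __name__ == "__main__":
    for name, outcome in run_exchange().items():
        print(f"{name}: {outcome}")
```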

The file system memory resource 324 is fully managed within the application program interface library 260 
in either the host computer 102 or the remote server 134. It provides a flexible system for storing, 
protecting, and retrieving personal key 200 data. 

FIG. 5 is a diagram illustrating the data contents of a file system memory resource 324 of an active 
personal key 200 that provides authentication and specific configuration data for several applications. The 
master file (MF) 502 is the root directory and uses an identification (ID) of zero (0). The MF 502 may 
contain pointers 504A and 504B or other designations to data files 506A and 506B, as well as pointers 
508A and 508B to directories 510 and 516. Directories and files are defined by an identification (1 to 
0xFFFFFFFF for the directories, and 0 to 0xFFFFFFFF for files). The directories 510 and 516 also contain 
pointers (512A-512B and 518A-518B, respectively) to data files (514A-514B and 520A-520C, respectively). 

Three file types are implemented, as shown in Table I below: 

Type    Access 

DATA    Any variable length string of unsigned characters 
KEY     Strings that are used as input to cryptographic operations 
CTR     Data files that have a decrementing counter (e.g. a counter of 
        16 bits). The counters range from 0 to XFF and are used to 
        limit the number of times a data file can be read. 

Table I 

These file types can be controlled on a per-file basis, according to Table 2 below: 

Access Types    File Types 
                DATA                 KEY                 CTR 

Read            Control              Never-no control    Control 
Write           Control              Control             Control 
Crypt           Always-no control    Control             Always-no control 

Table 2 

The read and write access type controls govern the transfer of files in the personal key 200 to and from the 
application 110. The crypt access type is used with KEY file types for performing cryptographic operations 
including the computation of hash values, encrypting, or decrypting data. When set, the controls defined in 
Table 2 can have one of four attributes listed in Table 3 below: 

Attribute    Access 

ALWAYS       Always granted, regardless of whether the proper PIN or 
             MKEY has been supplied to the personal key 200. 

NEVER        Never granted, regardless of whether the proper PIN or 
             MKEY has been supplied to the personal key 200. 

PIN          Access is granted if and only if the proper PIN has been 
             supplied to the personal key 200, and PIN verification is 
             successful (user authentication). 

MKEY         Access is granted if and only if the proper master key 
             (MKEY) has been provided to the personal key 200, and 
             master key verification is successful (super user or security 
             officer authentication). 

Table 3 
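
The PIN counter behaviour described earlier and the per-file controls of Tables 2 and 3 combine into one access decision, modelled below. This is an added example, not firmware from the patent: the class and method names are hypothetical, the PIN and master key are constructed sample values, and two points are assumptions, namely that an unspecified control defaults to NEVER and that the "trusted administrator" who resets the counter is whoever has verified the master key.

```python
import hmac
from enum import Enum


class Attr(Enum):            # Table 3 attributes
    ALWAYS = "ALWAYS"
    NEVER = "NEVER"
    PIN = "PIN"
    MKEY = "MKEY"


# Table 2 cells marked "no control": fixed by file type, not configurable.
FIXED = {
    ("KEY", "read"): Attr.NEVER,     # key material never leaves the token
    ("DATA", "crypt"): Attr.ALWAYS,
    ("CTR", "crypt"): Attr.ALWAYS,
}
OPS = ("read", "write", "crypt")


class PersonalKeyModel:
    def __init__(self, pin: bytes, mkey: bytes, pin_limit: int = 3):
        self._pin, self._mkey = pin, mkey
        self.pin_limit = pin_limit     # limit value held in register 318
        self.pin_counter = pin_limit   # decrementing counter register 316
        self.pin_ok = False            # user authenticated this session
        self.mkey_ok = False           # security officer authenticated
        self.files = {}

    def verify_pin(self, candidate: bytes) -> bool:
        if self.pin_counter == 0:      # exhausted: even the right PIN fails
            self.pin_ok = False
        elif hmac.compare_digest(candidate, self._pin):
            self.pin_counter = self.pin_limit   # success restores the limit
            self.pin_ok = True
        else:
            self.pin_counter -= 1               # failure burns one attempt
            self.pin_ok = False
        return self.pin_ok

    def verify_master_key(self, candidate: bytes) -> bool:
        self.mkey_ok = hmac.compare_digest(candidate, self._mkey)
        return self.mkey_ok

    def reset_pin_counter(self) -> None:
        # Assumption: the trusted administrator is the master key holder.
        if not self.mkey_ok:
            raise PermissionError("master key not verified")
        self.pin_counter = self.pin_limit

    def create_file(self, name: str, ftype: str, **controls: Attr) -> None:
        if ftype not in ("DATA", "KEY", "CTR"):
            raise ValueError("unknown file type: " + ftype)
        acl = {}
        for op in OPS:
            fixed = FIXED.get((ftype, op))
            if fixed is not None:
                if controls.get(op, fixed) is not fixed:
                    raise ValueError(f"{ftype}/{op} is fixed at {fixed.value}")
                acl[op] = fixed
            else:
                acl[op] = controls.get(op, Attr.NEVER)  # assumption: default deny
        self.files[name] = (ftype, acl)

    def allowed(self, name: str, op: str) -> bool:
        attr = self.files[name][1][op]
        if attr is Attr.ALWAYS:
            return True
        if attr is Attr.NEVER:
            return False
        # PIN and MKEY are independent: holding one does not satisfy the other.
        return self.pin_ok if attr is Attr.PIN else self.mkey_ok


def lockout_demo() -> list:
    key = PersonalKeyModel(pin=b"4711", mkey=b"constructed-mkey", pin_limit=3)
    key.create_file("DOCSecret", "KEY", write=Attr.MKEY, crypt=Attr.PIN)
    trace = [key.verify_pin(b"0000") for _ in range(3)]   # three failures
    trace.append(key.verify_pin(b"4711"))                  # locked out
    key.verify_master_key(b"constructed-mkey")
    key.reset_pin_counter()
    trace.append(key.verify_pin(b"4711"))                  # works again
    trace.append(key.allowed("DOCSecret", "crypt"))
    return trace


if __name__ == "__main__":
    print(lockout_demo())
```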

A global access control register 320 applies to the entire scope of the personal key 200 file system. 
Nominally, the global access control register 320 is an 8-bit value that is divided into two global access 
controls as shown in Table 4 below: 

Global Access Type    Global File System Access 

Create                Control 
Delete                Control 

Table 4 

The create and delete global access types can have one of the four attribute values shown in Table 5 
below. The create and delete global controls are enforced by the CreateDir, CreateFile, DeleteDir, 
DeleteFile, and DeleteAllFiles API calls described in Table 5 below. 

Attribute    Access 

ALWAYS       Always granted, regardless of whether the proper 
             PIN or MKEY has been supplied to the personal 
             key 200. 

NEVER        Never granted, regardless of whether the proper 
             PIN or MKEY has been supplied to the personal 
             key 200. 

PIN          Access is granted if and only if the proper PIN has 
             been supplied to the personal key 200, and PIN 
             verification is successful (user authentication). 

MKEY         Access is granted if and only if the proper MKEY 
             has been supplied to the personal key 200, and 
             PIN verification is successful (super user or 
             security officer authentication). 

Table 5 

Table 6 is an alphabetical listing of personal key 200 APIs 260 in the library. 

In Table 6, "D" indicates a device-related function, "F" denotes a file system related function, "A" denotes an 
administrative function, and "C" denotes a cryptographic function. 

Name                 Description                                  D F A C 

CloseDevice          Close access to the personal key 
CloseFile            Close selected file 
CreateDir            Create a directory in the personal key memory 
CreateFile           Create a file in the personal key memory 
Decrement            Decrement a CTR type file 
DeleteAllFiles       Reformat file space 
DeleteDir            Delete directory 
DeleteFile           Delete file 
Dir                  Return directory and file information 
GetAccessSettings    Return current global create/delete 
GetChallenge         Returns a 64-bit random number 
GetSerialNumber      Read unique serial number 
HashToken            MD5 hash the selected file or currently open 
                     file-two modes are supported (1) XOR hash and 
                     (2) HMAC hash 
HMACMD5              This function is a wrapper for performing 
                     HMAC-MD5 using the HashToken function in the 
                     HMAC mode. It computes MD5 without exposing 
                     the key. 
LedControl           Control the output device, including turning an 
                     LED or other output device on or off 
ModifyMasterKey      Update/Modify master key 
ModifyPIN            Update/Modify PIN 
OpenDevice           Open one of 32 potential personal keys 
ReadFile             Return contents of selected file 
ResetDevice          Reset to power-on state 
SelectFile           Open a file 
SetAccessSettings    Update global create/delete access settings 
VerifyMasterKey      Verify the master key provided as an argument is 
                     the master key stored in the personal key 
VerifyPIN            Verify that the PIN provided as an argument is 
                     the PIN stored in the personal key (user 
                     authentication) 
VerifyPIN2           An alternative command used to verify the user 
                     PIN without exposing the PIN externally to the 
                     personal key 200. This command is issued without 
                     the PIN as an argument, and the personal key 200 
                     returns a response indicating whether the PIN 
                     entered by the user on the input device 218 
                     matches that of the stored PIN in the memory 214. 
WriteFile            Write contents to the selected file 
MD5Hash              Hash routine: wrapper (provided in API library 
                     and not implemented in personal key) 
MD5Final             Finish computation and return digest (provided in 
                     API library and not implemented in personal key) 
MD5Init              Initialize message digest context (provided in 
                     API library and not implemented in personal key) 
MD5Update            Update message digest context (provided in API 
                     library and not implemented in personal key) 

Table 6 

Exemplary Application to a Virtual Private Network 

Using the foregoing, the personal key 200 and related APIs 260 can be used to implement a secure 
document access system. This secure document access system provides remote users access to secret 
encrypted documents over the Internet to company employees. The system also limits the circulation of 
secret encrypted documents so that specified documents can be read only a limited number of times. 

The application program 110 used for reading documents is linked with the personal key API 260 library to 
allow document viewing based on the information in the personal key 200. A trusted administrative 
program controlled by the master key can be used to set up the personal key 200 (by storing the 
appropriate information with the associated security control settings) for a wide range of employees. 

The personal key 200 and the API 260 library can be used to authenticate document viewers and 
administrators, to supply keys for decryption and encryption of documents, to provide a list of viewable 
documents, and to enforce document access rights and counters. 

The foregoing can be implemented in a number of programs, including an administrative initialization 
program to set up the personal keys 200 before delivery to the employees (hereinafter referred to as 
SETKEY), a document encryption and library update program (hereinafter referred to as BUILDDOC), a 
viewer application that authenticates the user and the personal key 200 (hereinafter referred to as 
VIEWDOC), and a library application which authenticates the user and updates the personal key 
(hereinafter referred to as LIBDOC). 

The SETKEY program is used to set up personal keys received from the factory for individual users. 
Document names, access counters, a PIN, and a hash secret are loaded into the personal key 200. 
Depending on the employee's security clearance, specific documents can be configured for viewing. For 
sake of clarification the following symbolic names are used in the discussion below: 

DOCFilename - iKey data file that holds the document file name 
DOCSecret - iKey data file that holds a secret used to make encryption/decryption keys 

First, the SETKEY program gains access to the personal key 200 by issuing an OpenDevice command. The 
VerifyMasterKey command is then issued to open the personal key 200 to master access. A Dir command 
is used in a loop to obtain and verify the status of the personal key 200. The comments are compared to the 
contents of a factory-fresh key, and one of several states is determined. If the key is factory fresh, the 
personal key is initialized. A VIEWDOC directory and file set is then created. An employee database can 
then be accessed and used to determine the type and extent of the access that is to be granted to each 
employee. Depending on the security clearance of each employee, one of several types of directory and file 
sets can be created. The global create and delete access types are then set to the master key using the 
SetAccessSettings command. The DOCFilename database is then loaded in the personal key 200, and the 
CreateDir and CreateFile APIs 260 are used as required to create and allocate directories and files. The 
SelectFile, WriteFile, and CloseFile API commands are used to load the files and the secret. Depending on 
whether access is to be limited to a particular number of occasions, the DATA or CTR file types are used. 

The BUILDOC program is used to accept new documents into the secure access library. Using information 
from the personal key 200, encryption keys are generated that are used by a document encryption engine 
in the personal key 200. 

The BUILDOC program is a stand-alone application that runs on trusted systems within the secure walls of 
the organization. It requires validation of the master key. It uses the personal key 200 to create an 
encryption key for each document file name. 

First, the HashToken API 260 with the XOR option is used to hash together the DOCFilename, block 
number (computed by the BUILDOC program as it reads and encrypts the document), and DOCSecret. The 
block number is calculated by the BUILDOC program as it reads and encrypts the document. The resulting 
MD5-XOR digest is used as the encryption key that is used by the encryption engine in the BUILDOC 
application. Then, the CreateFile, SelectFile, WriteFile, and CloseFile APIs 260 along with the HashToken 
in XOR mode are used on each document that is to be added to the secure document library. 

The VIEWDOC program is a web browser 262 plug-in application that allows the user to open, decrypt, and view 
the document based on his/her personal key 200 based document access codes. If desired, the view 
counters for some types of documents can also be decremented in the VIEWDOC program. The 
VIEWDOC program does not require file saving or forwarding, screen scraping, and printing. 

The VIEWDOC program validates the user and uploads and decrypts the documents. It uses the VerifyPIN 
command API 260 to authenticate the user. The user can then view the documents listed in the personal 
key 200 directory as long as the personal key 200 remains communicatively coupled to the USB port 130. 

A message facility, such as the message facility used in the WINDOWS operating system 
(WM_DEVICECHANGE) can be used to determine if the key has been removed. The Dir, SelectFile, 
ReadFile, and CloseFile command APIs 260 are used to determine which documents can be read. The 
HashToken with the XOR mode API 260 along with DOCSecret, DOCFilename, and the document block 
numbers are used to create the decryption key on a per block basis. When the DOCFilename is of file type 
CTR, the CTR is decremented using the Decrement command API 260. In one embodiment, to reduce 
complexity, the CTR field is not hashed, but merely managed by VIEWDOC. 

The LIBDOC program provides an administrative function that is a subset of SETKEY. It allows a secure 
document librarian to grant access to documents based upon information stored in the personal key 200. 
The net effect is that the trusted librarian can update the personal key 200 based list of documents that can 
be viewed. 

The LIBDOC program updates the list of DOCFilenames on a per-personal key 200 basis. After verifying 
the master key with VerifyMasterKey command API 260 and looking the user name up in the employee 
database, the current set of DOCFilenames are updated using the SelectFile, WriteFile, and CloseFile 
command APIs 260. 

Using the foregoing, employees worldwide can carry a personal key 200 loaded with their local database of 
file names. Individual departments do not have to rely on MIS procedures to restrict who has access to 
documents. The personal keys 200 of department members can be updated using the LIBDOC program as 
required. 

Documents can be decrypted and viewed by the employees only if the personal key 200 secret is correct. 
The personal secret remains secure because it is never revealed outside of the personal key 200. A simple 
form of metering can also be used to reduce the number of copies of documents that can be viewed. 

FIG. 6 is a diagram presenting an illustration of one embodiment of the personal key 200. The personal key 
200 comprises a first housing member 602 and a second housing member 604. The first housing member 
602 is sized and shaped so as to accept a circuit board 606 therein. 

The first housing member 602 comprises a plurality of bosses 624, which, when inserted into each 
respective hole 640 in the second housing member 604, secures the first housing member 602 to the 
second housing member 604. The first housing member 602 and the second housing member 604 also 
each comprise an aperture 628, which allows the personal key 200 to be affixed to a key chain. 

The circuit board 606 is held in position by a plurality of circuit board supports 608. The circuit board 606 
comprises a substantially flat circuit connection surface 610 on the periphery of the circuit board 606 for 
communicative coupling with the host processing device or computer 102 via conductive pins. Circuit 
connection surface 610 allows communication with a processor 212 mounted on the circuit board 606. The 
processor 212 comprises memory and instructions for performing the operations required to implement the 
functionality of the personal key 200 as disclosed herein. The processor is communicatively coupled with a 
memory 214 on the circuit board to store and retrieve data as required by processor 212 instructions. 

In the illustrated embodiment the circuit board 606 also comprises an output device 222 such as a light 
emitting device 616, e. g. light emitting diode (LED), which provides the user of the personal key 200 a 
visual indication of the operations being performed by the personal key 200. This is accomplished, for 
example, by emitting light according to a signal passing from the host computer 102 to the personal key 
200. The light emitting device could also comprise a liquid crystal display (LCD) or other device providing a 
visual indication of the functions being performed in the personal key or data passing to or from the 
personal key 200. 

The energy from the light emitting device 616 is presented to the user in one of two ways. In the 
embodiment illustrated in FIG. 2, the light emitting device 616 is disposed through a light emitting device 
orifice 644 in the second housing member 604. In this design, the personal key 200 can be sealed with the 
addition of a small amount of epoxy or other suitable material placed in the light emitting device orifice 644 
after assembly. 

In another embodiment the light emitting device 616 does not extend beyond the interior of the housing 
602, 604, and remains internal to the personal key 200. In this embodiment, at least a portion of the first 
housing 602 or the second housing 604 is at least partially translucent to the energy being emitted by the 
light emitting device 616 at the bandwidths of interest. For example, if the light emitting device 616 were a 
simple LED, the second housing 604 can be selected of a material that is translucent at visual 
wavelengths. One advantage of the foregoing embodiment is that the LED can be placed where it does not 
allow electromagnetic discharges and other undesirable energy to the circuit board 606 or any of the 
components disposed thereon. This is because no part of the LED, even the surface, is in contact with the 
user's hand at any time. 

While the foregoing has been described with a single light emitting device 616, the present invention can 
also advantageously embody two or more light emitting devices, or devices emitting energy in other 
wavelengths. For example, the foregoing can be implemented with a three color LED (red, yellow and 
green), or three one-color LEDs to transfer personal key 200 information to the user. 

In addition to or as an alternative to the foregoing, information regarding the operation of the personal key 
200 is provided by an aural transducer such as a miniaturized loudspeaker or piezoelectric transducer. 
Such aural information would be particularly beneficial to users with limited or no vision. For example, the 
aural transducer can be used to indicate that the personal key 200 has been inserted properly into the host 
computer 120 I/O port 130. 

An aural transducer may also be used to provide alert information to the user. This is particularly useful in 
situations where the user is not expecting any input or information from the key. For example, if the 
personal key 200 or related device is engaged in lengthy computations, the aural transducer can indicate 
when the process is complete. Also, the aural transducer can indicate when there has been an internal 
fault, when there has been an attempt to compromise the security of the key with infected or otherwise 
harmful software instructions, or to prompt the user to take an action such as providing an input to the key 
200. 

Further, it is envisioned that as the use of personal keys 200 will become widespread, it will be beneficial to 
incorporate the functions of other devices within the personal key. For example, a device such as a paging 
transceiver can be incorporated into the personal key to allow the user to be summoned or contacted 
remotely. Or, the personal key 200 may be used to store programs and instructions such as the user's 
calendar. In this application, the personal key 200 can be used to remind the user of events on the 
calendar, especially in conjunction with the LCD display discussed above. The aural transducer can be 
operated at a wide variety of frequencies, including minimally audible vibrational frequencies. This design is 
particularly beneficial, since the personal key is small enough to be placed on the user's key ring, where it 
will be in pocket or purse for lengthy periods of time where it cannot be seen or easily heard. 

FIGs. 7A-7C are diagrams showing one embodiment of the personal key 200 having an input device 218 
including a first pressure sensitive device 702 and a second pressure sensitive device 704, each 
communicatively coupled to the processor 212 by a communication path distinct from the USB-compliant 
interface 204. 

FIG. 7A illustrates an embodiment of the personal key 200 in which an output device 222 such as an LED 
or LCD display 706 is communicatively coupled to the processor 212 by a second communication path 
distinct from the USB-compliant interface 204. In this embodiment input to the personal key processor 212 
may be supplied by depressing a combination of the pressure sensitive devices 702, 704, optionally as 
directed by the output device 222. 

In an embodiment illustrated in FIGs. 7B and 7C, the pressure sensitive devices 702 and 704 are simple 
mechanical push switches communicatively coupled to the processor 212 via traces on the circuit board 
606. In this case, the switches 702 and 704 may be actuated by depressing a button surface that extends 
through apertures 708 and 710 in the second housing member 604. FIG. 7B also shows a window 712 
permitting viewing of the output device 706 display. 

FIG. 7C shows the exterior appearance of this embodiment of the personal key 200 when the first housing 
member 602 and the second housing member 604 are assembled. 

In another embodiment of the present invention, the pressure switches 702 and 704 do not extend to the 
exterior of the personal key 200. Instead, the personal key 200 is configured so that pressure may be 
exerted on the pressure sensitive switches 702 and 704 without requiring any portion of the switches to 
extend to the exterior of the personal key 200. For example, in one embodiment, at least a portion of the 
exterior surface of the personal key 200 is sufficiently flexible to permit pressure exerted on the outside 
surface of the key 200 to actuate the switches therein. 

Alternatively, the first housing member 602 and the second housing member 604 may be hinged to allow 
pressure to be applied to the switch. In another embodiment, the thresholded output of a pressure sensitive 
device such as a strain gauge is used to indicate user input to the personal key. 

The foregoing pressure sensitive devices 702 and 704 may be used as follows. 

In one embodiment, the two pressure sensitive devices 702 and 704 are used to enter alphanumeric 
information. Here, pressure can be applied to the first pressure sensitive device 702 to select the desired 
character. To assist the user, the currently selected character can be displayed on the output device 222. 
When the user is satisfied with the selected character, applying pressure to the second pressure sensitive 
device may indicate that the currently displayed character should be entered (thus providing an 
"enter" function). This process may be repeated until all of the characters of the user input (e.g. a user 
password or personal identification number (PIN)) has been entered. 

The end of the user input can be signified by repeated application of pressure to the second pressure 
sensitive device 702, and confirmed by the output device 222. An aural transducer can be used alone or in 
combination with a visual display to indicate the character, to indicate an error, or to indicate when the user 
input process has been completed. 

The foregoing pressure sensitive devices may also be used to provide a binary input to the personal key 
200. For example, the user's PIN or password can be entered by applying pressure to the first pressure 
sensitive device 702 and the second pressure sensitive device 704 in the proper order in rapid succession. 
In this way, a user password or PIN defined as "101000101 1 V' may be entered by depressing the first 
pressure sensitive device 702 to indicate a "0" and the second pressure sensitive device 704 to indicate 
a "1". 

FIGs. 8A-8C are diagrams presenting an illustration of another embodiment of the present invention. In this 
embodiment, the input device 218 comprises an edge exposed wheel 802 coupled to the processor by the 
input device communication path 308. In this embodiment, the user provides an input by urging the wheel 
802 through a series of tactile positions identifying input characters. When the desired input character is 
either shown on the output device 222 or on the wheel 802 itself, the user can indicate the character as a 
user input by urging the wheel 802 toward the centerline of the personal key 200. This process can be 
repeated for a series of input characters, until all of the desired characters are provided. The user can also 
indicate that no more input will be provided by urging the wheel 802 toward the center of the personal key 
multiple times in rapid succession, or by selecting an input tactile position on the wheel 802 and depressing 
the wheel 802. 

Security Features Using the Input and Output Devices 

The input device 218 and output device 222 of the present invention can be advantageously used to 
enhance the security of the personal key 200. For example, when connected to the host computer 102, the 
personal key 200 can be used to authorize transactions with a remote computer/server 134 
communicatively coupled to the host computer 102 via a communication medium 132 such as a dial-up 
network, the Internet, LAN, or WAN. Malicious software, which can be executing in the remote 
computer/server 134 or the host computer 102, can send anything it wants to the personal key 200 for 
authorization without the knowledge or permission of the user. Without some sort of user input device 218, 
the personal key 200 can authorize transactions without the user's knowledge that the holder cannot 
repudiate. Such transactions may include, for example, payment and legally binding signatures. 

Although a personal identification such as the personal identification number (PIN) is required to log on and 
activate the personal key 200, the personal key 200 ordinarily remains active once the PIN has been 
entered. Hence, the personal key 200 will perform any action for any application, without notice to, or 
authorization by the user. 

To ameliorate this problem, one embodiment of the present invention utilizes a "squeeze to sign" 
authorization technique, in which some direct user action is required to authorize the use of identified 
secret values stored in the personal key 200. For instance, if a private key (such as the secret 406) or PIN 
stored in the memory 214 of the personal key 200 is identified as requiring a "squeeze to sign" authorization, 
firmware executing in the processor 212 of the personal key 200 requires direct user input via the input 
device 218 or the data transceiver 252 before honoring any request from the host computer 102 or the 
remote computer/server 134 that involves the use of the private key or personal information. Ordinarily, the 
private key and/or other personal information is designated as requiring direct authorization by an 
associated value or flag in the memory 214. Such data may also be designated as "use-only", indicating that 
the data cannot be read directly from the key under any circumstances. 

The data may be shared with no other entity (as would often be the case with a PIN), or may be a value 
shared with the trusted entity and used for authorization, such as the secret 406. For example, private keys 
can be used as the secret 406 to perform authorization via hash functions. In such cases, the secret value 
406 is typically a shared secret such as a DES key or a password. Since secret values 406 can be stored 
in the memory 214 of the personal key 200 before distributing the personal key 200 to the user, the secret 
value 406 need not be made available in plaintext form at any time. 

Typically, each time a user connects to an SSL secured web site that supports client authentication, a 
browser 262 calls middleware such as one of the APIs 260 or the PKCS 264, which commands the 
personal key 200 to encrypt a challenge value with the user's secret private key 406B (stored in the 
personal key memory 214). 

Assuming the user's PIN is already stored in the personal key 200, thus authenticating the user to the 
personal key 200, it still remains to authenticate the key to the secure web site. In this case, access to the 
user's secret private key is required, and the output device 222 integrated with the personal key 200 may 
activate to indicate that a command that requires access to the private key has been invoked, and that the 
user needs to authorize this access. In one embodiment of the present invention this is accomplished by 
blinking a visual output device (such as an LED or LCD display), or by beeping an aural device. In another 
embodiment of the present invention, the middleware (either the API 260 or the PKCS 264) activates the 
display 122 attached to the computer 102, indicating that the user must authorize access to the private key 
before processing can proceed. An input device 218 in the personal key 200 such as the wheel 802 or one 
of the pressure sensitive devices 702 and 704 can then be actuated by the user to indicate that the user 
has authorized access to the private key. 

No authorization is granted if the personal key 200 is removed from the I/O port 130, or a "cancel" button
presented on the display 122 is selected to refuse the on-screen dialogue. Access to the private key (in the
example above, to perform the hash function) is granted if the user authorizes as such. The "squeeze to
sign" concept thus makes it less likely that malicious software will be able to use the secret 406B without
the user's consent or knowledge.

Malicious software may monitor the interface between the personal key 200 and the host computer 102 to
capture the value of the user's PIN. Although the PIN cannot be read directly, it is possible for the malicious
software to examine both the VerifyPIN command described in Table 6 (and its argument) and the
response from the personal key 200.
If the response indicates that the proper PIN was provided as an argument to the VerifyPIN command, the 
malicious software can determine the PIN itself. The foregoing can also be applied to further safeguard the 
user's PIN instead of the secret 406B. For example, if a sniffer module in malicious software in the host 
computer has been able to access the user's PIN, when it attempted to use that PIN in a context the user 
did not expect, the user would be alerted to the fact that the PIN had been compromised. 

FIG. 9 is a flow chart illustrating an embodiment of the present invention in which processor 212 operations 
are subject to user authorization. First, the API 260 issues 902 a command that invokes a processor 212 
operation. The command is transmitted via the USB-interface 204 to the personal key 200. The processor 
212 accepts the command, as shown in block 904. The personal key 200 then determines whether the 
invoked processor command is one that requires authorization. This can be accomplished by storing 
information in the memory 214 of the personal key indicating which processor commands require 
authorization. For example, this can be implemented as a map or a plurality of flags stored in the memory
214, where it may be customized for each user, or the information can be stored in the processor 212
firmware or a similar location so that the mapping cannot be altered. In one embodiment, different levels of
authorization are implemented for different processor commands (e.g., a write command may require
authorization, whereas a read command may not). 

In another embodiment, authorization may be premised on data instead of the invoked command, or on a
combination of the invoked command and data. For example, the present invention may be configured to
require authorization any time the PIN is accessed in any way, or when the PIN is read from the memory
214 of the personal key 200, but not when other data is read, or when the PIN is written to the personal key
200. This may be accomplished, for example, by determining which data stored in the memory 214 is
affected by the processor operation, and determining whether the data affected by the processor operation
is associated with an identification designating the data as private information.

Using one of the output devices 222, the data transceiver 252, or the display 122 coupled to the host
computer, the personal key 200 may then prompt the user to authorize the processor operation, as shown
in block 906. This may be accomplished by flashing a display device such as an LED or LCD, by activating
an aural transducer, or by performing both operations. If desired, the user may be prompted first with a
display device, and if the authorization is not forthcoming within a specified period of time, the aural
transducer may be activated.

To expose the prompting operation as little as possible to malicious software or other intrusive activity, the
prompt is preferably performed using a communication path entirely distinct from the communication path
between the personal key 200 and the host computer 102 (in the illustrated example, the USB-interface
204). To further increase security, the illustrated embodiment prompts the user with the output device 222
via a communication path which is not manifested externally from the personal key in any way that is visible
to the malicious software, and is hence not subject to tampering.

Next, the user provides an input signaling authorization of the operation 910. This can be performed using
a variety of input devices, such as the mouse 116 or keyboard 114, but is preferably performed using an
input device 218 or the data transceiver 252 in the personal key 200. This
information is communicated to the personal key 200 via a communication path that is entirely distinct from
the communication path between the personal key 200 and the host computer 102, and preferably entirely
internal to the personal key 200 (not manifested externally to the personal key 200 by a means visible to
malicious software). This prevents malicious software from interfering with or emulating the user authorization.
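
The authorization gate of FIG. 9, sketched in C as an added example (it is not code from the patent). The command codes, status values, flag names, the sample object store and the simulated button variable `press_at` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical command codes and status values, chosen for this example. */
enum { CMD_READ, CMD_WRITE, CMD_SIGN, CMD_COUNT };
enum status { ST_OK, ST_DENIED_USE_ONLY, ST_DENIED_NO_USER, ST_BAD_REQUEST };

#define F_PRIVATE  0x01u  /* touching this object needs user authorization */
#define F_USE_ONLY 0x02u  /* usable in computations, never readable        */

/* Command map kept const in firmware so the host cannot alter it. */
static const bool cmd_needs_auth[CMD_COUNT] = {
    [CMD_READ] = false, [CMD_WRITE] = true, [CMD_SIGN] = true
};

/* Constructed object store: 0 = public label, 1 = PIN, 2 = private key. */
static const uint8_t object_flags[] = { 0, F_PRIVATE, F_PRIVATE | F_USE_ONLY };
#define N_OBJECTS (sizeof object_flags / sizeof object_flags[0])

/* Simulated button line: the user presses at poll number press_at
 * (-1 = never). Nothing in the host request below can set it. */
static int press_at = -1;

/* Poll the local input after the LED prompt; give up after `polls`. */
static bool wait_for_user(unsigned polls)
{
    for (unsigned p = 0; p < polls; p++) {
        if (press_at >= 0 && (unsigned)press_at == p) {
            press_at = -1;        /* one press authorizes one operation */
            return true;
        }
    }
    return false;                 /* timeout counts as refusal */
}

/* Everything the host controls arrives in this struct. */
struct request { unsigned cmd; size_t object_id; };

enum status dispatch(const struct request *rq)
{
    if (rq->cmd >= CMD_COUNT || rq->object_id >= N_OBJECTS)
        return ST_BAD_REQUEST;
    uint8_t f = object_flags[rq->object_id];
    if (rq->cmd == CMD_READ && (f & F_USE_ONLY))
        return ST_DENIED_USE_ONLY;   /* no authorization overrides this */
    /* Authorization may hinge on the command, the data touched, or both. */
    if ((cmd_needs_auth[rq->cmd] || (f & F_PRIVATE)) && !wait_for_user(1000))
        return ST_DENIED_NO_USER;
    return ST_OK;                    /* the real operation would run here */
}
```

The use-only check runs before the prompt, so a button press cannot turn a read of the private key into a permitted operation.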

Another embodiment of the present invention provides additional PIN security. In this embodiment, the 
VerifyPIN command is altered from that which is described in Table 6. Ordinarily, the VerifyPIN command
accepts what the host computer 102 or remote computer/server 134 believes is the user's PIN as an
argument. The personal key 200 accepts this command and returns a status indicating whether the proper
PIN was provided. In this alternative embodiment, however, the VerifyPIN command is altered so that it
does not include the PIN as an argument. The VerifyPIN command is provided to the personal key 200,
and the user is prompted to enter his or her PIN.
After the PIN is entered, it is communicated to the processor 212 via a communication path 220 which is 
distinct from the host computer 102-personal key 200 interface, and not externally manifested anywhere 
where it can be detected by malicious software. It is then internally verified, and a message providing the 
result of that manifestation is transmitted from the personal key 200 to the host computer 200 or remote 
computer/server 134. This prevents any external manifestation of the PIN. 

When combined with the hashing technique using the secret 406 above, the foregoing provides a highly 
secure technique for user authorization. The secure hashing technique authenticates the key, and protects 
the secret 406 from external exposure. However, the hashing technique does not authenticate the person 
possessing the key (since it may have been lost or stolen). The ability to enter the PIN directly into the 
processor 212 of the personal key allows the personal key to authenticate the user, and since the PIN is 
never manifested externally from the key, exposure to malicious software is prevented. Since the third 
party can authenticate the personal key and the personal key can authenticate the user, the third party can
perform user authentication with a high degree of confidence. 

FIG. 10 is a flow chart illustrating an embodiment of the present invention in which the PIN is entered
directly into the personal key 200. In block 1002, a command is issued which requires access to the user's
PIN, such as the VerifyPIN and ModifyPIN commands listed in Table 6. The personal key 200 accepts
1004 the command, and if necessary, prompts the user for the PIN, as shown in block 1006.

This may be accomplished with the display 122, one of the output devices 222, or any combination thereof.
Preferably, this is accomplished via a communication path distinct and inaccessible from the USB interface
204. Using one of the input device 218 embodiments described above, the user provides the PIN to the
personal key 200.

Using a value stored in the memory 214, the processor 212 in the personal key 200 validates the user-
entered PIN. In one embodiment, this is accomplished by comparing the user-provided value directly with a
value stored in the memory 214.

The personal key then provides 1014 a response indicating the validity of the PIN, which is accepted by the
API 260. The response indicates whether the user-supplied PIN was valid.
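
What a monitor on the host interface sees under each VerifyPIN variant, as an added C example (not code from the patent). The sample PIN, the `bus_log` buffer, the message strings and the comparison that does not stop at the first mismatch are assumptions for illustration; the patent states only that the entered value is compared with a stored value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed reference PIN held in token memory (sample value). */
static const char stored_pin[] = "4921";

/* Bytes that crossed the host<->token interface; a monitor on the host
 * side sees exactly this buffer and nothing else. */
static char bus_log[128];
static void bus(const char *msg)
{
    strncat(bus_log, msg, sizeof bus_log - strlen(bus_log) - 1);
}

/* Compare every position instead of stopping at the first mismatch
 * (an assumption of this example, not a detail from the patent). */
static bool pin_matches(const char *candidate)
{
    size_t n = strlen(candidate), m = sizeof stored_pin - 1;
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < m; i++)
        diff |= (unsigned char)(stored_pin[i] ^ (i < n ? candidate[i] : 0));
    return diff == 0;
}

/* Table 6 form: the host sends the PIN as the command argument, so the
 * PIN and the verdict both appear on the interface. */
bool verify_pin_with_argument(const char *pin_from_host)
{
    bus("VerifyPIN ");
    bus(pin_from_host);
    bool ok = pin_matches(pin_from_host);
    bus(ok ? " -> OK;" : " -> FAIL;");
    return ok;
}

/* Altered form: no argument. `keypad_entry` stands in for the value that
 * arrives over the token's internal input path; it is never logged to
 * the bus, only the verdict is. */
bool verify_pin_on_token(const char *keypad_entry)
{
    bus("VerifyPIN");
    bool ok = pin_matches(keypad_entry);
    bus(ok ? " -> OK;" : " -> FAIL;");
    return ok;
}
```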

In one embodiment, a biometric sensor 250 is also communicatively coupled to the processor 212. The
biometric sensor 250 provides data to the processor 212 and receives commands from the processor 212
as described earlier in this disclosure.

The processor is also optionally communicatively coupled to one or more light emitting devices 216 or
other visual display device to provide a visual indication of the activities or status of the personal key 200.
The processor 212 may also be communicatively coupled with an aural device to provide vibrational or
audio data to the user of the status or activities of the personal key 200.

Conclusion 

This concludes the description of the preferred embodiments of the present invention. In summary, the
present invention describes a compact, self-contained, personal token. The token comprises a USB-
compliant interface releasably coupleable to a host processing device; a memory; and a processor. The
processor provides the host processing device conditional access to data storable in the memory as well
as the functionality required to manage files stored in the personal key and for performing computations
based on the data in the files. In one embodiment, the personal key also comprises an integral user input
device and an integral user output device. The input and output devices communicate with the processor 
by communication paths which are independent from the USB-compliant interface, and thus allow the user 
to communicate with the processor without manifesting any private information external to the personal 
key. 

The foregoing description of the preferred embodiment of the invention has been presented for the 
purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the 
precise form disclosed. Many modifications and variations are possible in light of the above teaching. For 
example, while the foregoing personal key has been described as providing for electrical communication 
with the host communication, it is envisioned that such electrical communication includes the optical 
transfer of data such as is implemented by fiber optics and the like. 

It is intended that the scope of the invention be limited not by this detailed description, but rather by the
claims appended hereto. The above specification, examples and data provide a complete description of the 
manufacture and use of the composition of the invention. Since many embodiments of the invention can be 
made without departing from the spirit and scope of the invention, the invention resides in the claims 
hereinafter appended. 

Claims

WHAT IS CLAIMED IS: 

1. A compact personal token (200), comprising:

a USB-compliant interface (206) releasably coupleable to a host processing device (102);
a memory (214);
a processor (212), communicatively coupled to the memory (214) and communicatively coupleable to the
host processing device (102) via the USB-compliant interface (130), the processor (212) for providing the
host processing device (102) conditional access to data storable in the memory (214); and
a user input device (218), communicatively coupled to the processor (212) by a path (220) distinct from the
USB-compliant interface (206).

2. The apparatus of claim 1, wherein the user input device (218) is configured to control an operation of the
processor (212).

3. The apparatus of claim 1, wherein the operation comprises an operation selected from the group
comprising:

an encryption operation; and
a decryption operation.

4. The apparatus of claim 1, wherein the operation comprises a digital signature operation using a private
key stored in the memory (214).

5. The apparatus of claim 1, wherein the input device (218) comprises at least one pressure-sensitive
device actuatable from an exterior surface of the token (200).

6. The apparatus of claim 1, wherein the input device (218) comprises at least one push-button switch
(702).

7. The apparatus of claim 1 , further comprising an output device (222), communicatively coupled to the 
processor (212) by path (224) distinct from the USB-compliant interface (206), for providing information
regarding the operation of the processor (212). 

8. The apparatus of claim 7, wherein the output device (212) comprises at least one light emitting device 
(616). 

9. The apparatus of claim 7, wherein the output device comprises at least one liquid crystal display (706). 

10. The apparatus of claim 7, wherein the output device comprises at least one aural output device. 

11. A compact personal token (200), comprising:

a USB-compliant interface (206) releasably coupleable to a host processing device (102);
a memory (214);
a processor (212), communicatively coupled to the memory (214) and communicatively coupleable to the
host processing device (102) via the USB-compliant interface (206), the processor (212) for providing the
host processing device (102) conditional access to data storable in the memory (214); and
a user output device (222), communicatively coupled to the processor (212).

12. The apparatus of claim 11, wherein the user output device (212) is coupled to the processor (212) by a
path (224) distinct from the USB-compliant interface (206).

13. The apparatus of claim 11, wherein the user output device (212) is configured to indicate the operation
of the processor (212).

14. The apparatus of claim 11, wherein the operation comprises an operation selected from the group 
comprising: 

an encryption operation;
a decryption operation; and
a digital signature operation using a private key.

15. The apparatus of claim 11, wherein the user output device (212) is selected from a group comprising:
at least one light emitting device (616);
at least one liquid crystal display (706); and
at least one aural device.

16. The apparatus of claim 11, further comprising an input device (218), communicatively coupled to the
processor (212) by path (220) distinct from the USB-compliant interface (206), for providing information for
the operation of the processor (212).

17. The apparatus of claim 11, wherein the processor (212) and memory (214) are disposed on a circuit
board (606) having at least one circuit connection surface (610) providing electrical communication with the
processor (212), and the USB-compliant interface (206) comprises:

at least one conductive pin for providing electrical communication between the circuit connecting surface
(610) and the host processing device (102), wherein the conductive pin comprises a pin securing portion
and is releasably coupleable to the circuit connection surface (610); and

a housing (602) for substantially enclosing at least some of the circuit board (606), the housing (602)
comprising a pin interfacing portion mateable with the pin securing portion for securing the pin member
along a longitudinal axis of the conductive pin.